Category Archives: Active Directory

If you connect your on-premises Active Directory to Azure Active Directory and force directory synchronization, your local AD user accounts are replicated to Azure AD. User accounts in both directories will be 100 percent in sync, and local on-premises users are able to connect to Office365 with their local user and domain login. Sometimes you may … [Continue reading]

If you are looking for a cloud-based Active Directory as a replacement for an on-premises domain controller, that is, Active Directory without an on-premises domain controller, Azure Active Directory is a cloud-based identity and access management service hosted in Microsoft datacenters. If you are looking to get rid of the physical domain controller, then a virtual machine in Azure or AWS is an option … [Continue reading]

One of my readers is facing a problem: many of the PCs have trust relationship issues, but he doesn't have a list of the PCs that have this issue. The users are able to log in to the domain account on these PCs, and Group Policies also seem to work on many of these PCs

Domain-joined workstations and member servers have a trust relationship with the domain in order to authenticate, and they reset the computer account password every 30 days by default. You will get the below error if there is any mismatch between the computer password on the workstation and on the domain controller

The largest delta is reported as unknown on the source DC when running Repadmin /replsummary for your domain and forest. Since it shows unknown, you cannot see the replication delta value and are unable to find the affected destination DC. This post will describe how to find the destination DC

One of the Domain Controller DNS entries was pointing to the wrong IP address (resolving with the wrong IP address), which affected Active Directory authentication and other services. This is a unique issue which I have come across

The architecture is a single forest with multiple child domains. When trying to resolve a Domain Controller of one of the child domains from … [Continue reading]

In Active Directory auditing we want to know who changed Active Directory attributes, and when and where they were changed: for example, who removed a group from an Active Directory user account, who changed the account description, or any other Active Directory object attribute change

All Active Directory object changes are stored in the object metadata and can be viewed through the repadmin command, it’s … [Continue reading]

Find Duplicate SPN: A Service Principal Name (SPN) is a concept from Kerberos. It is used to find a particular service offered by a particular host within the domain. The general syntax of an SPN is service class/fqdn@REALM. There are also User Principal Names, which identify users, in the form user@Domain

Kerberos requires that the SPN be unique and there should be a single … [Continue reading]

How a client computer/member server finds the logon Domain Controller across forests in an Active Directory environment, or how the secure channel determines the Domain Controller in a cross-forest setup

If you have worked on troubleshooting authentication issues between forests, you might have used the NLTEST tool to check the secure channel Domain Controller. Did you ever try to find out how the domain … [Continue reading]